From: Stefan Sperling <stsp@stsp.name>
Subject: Re: add gitwrapper
To: Omar Polo <op@omarpolo.com>
Cc: gameoftrees@openbsd.org
Date: Tue, 28 Mar 2023 11:56:59 +0200

On Tue, Mar 28, 2023 at 11:33:29AM +0200, Omar Polo wrote:
> On 2023/03/28 11:18:40 +0200, Stefan Sperling <stsp@stsp.name> wrote:
> > This improved version has been tested more thoroughly and fixes
> > a few bugs such that gitwrapper actually works as advertised.
> > It also makes use of unveil(2) to restrict the set of programs
> > which can be run (even though a user who ends up running this
> > tool probably has shell access anyway).
> 
> I haven't run-tested it yet but reads fine; let's get it in and
> continue hacking in tree.

Thanks, done.

Here is a tweak we should make to ensure that native git tooling
doesn't end up running on gotd-managed repositories accidentally
even if the repository is listed in gotd.conf.

Ok?

-----------------------------------------------
 require gotsh to exist if the repository is listed in gotd.conf
 
diff b09c127974759a56a6b5273da53d215f8500f5a7 63ae46e379a4fa3575187a4b6b229a9e823b15ab
commit - b09c127974759a56a6b5273da53d215f8500f5a7
commit + 63ae46e379a4fa3575187a4b6b229a9e823b15ab
blob - a5d0bcb2233ff202330b3c197e216e3300f272f4
blob + a30589e672a0c2ca735d16a6ecde083ecf754389
--- gitwrapper/gitwrapper.c
+++ gitwrapper/gitwrapper.c
@@ -177,15 +177,20 @@ main(int argc, char *argv[])
 	repo = gotd_find_repo_by_name(repo_name, &gotd);
 
 	/*
-	 * Invoke our custom Git server if it was found in PATH and
-	 * if the repository was found in gotd.conf.
-	 * Otherwise invoke native git(1) tooling.
+	 * Invoke our custom Git server if the repository was found
+	 * in gotd.conf. Otherwise invoke native git(1) tooling.
 	 */
 	switch (pid = fork()) {
 	case -1:
 		goto done;
 	case 0:
-		if (repo && myserver) {
+		if (repo) {
+			if (myserver == NULL) {
+				error = got_error_fmt(GOT_ERR_NO_PROG,
+				    "cannot run '%s'",
+				    GITWRAPPER_MY_SERVER_PROG);
+				goto done;
+			}
 			if (execl(myserver, command, repo_name,
 			    (char *)NULL) ==  -1) {
 				error = got_error_from_errno2("execl",
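Review bot: The new `myserver == NULL` test sits inside `case 0:`, so it only runs after `fork()` has already created a child, and that child then takes `goto done`, the same label the parent uses for `case -1:`. Since both `repo` and `myserver` are known before the fork, consider hoisting the check above `switch (pid = fork())` so the GOT_ERR_NO_PROG error is raised once, in the parent, and does not depend on the child's path through the shared cleanup code or on how its exit status is collected. The rewritten block comment could also say explicitly that a repository listed in gotd.conf never falls back to git(1) and that a missing GITWRAPPER_MY_SERVER_PROG is a hard error, since that fail-closed behaviour is the point of the change.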
blob - 53f181cbdaef76fe21b918d662302e97c34c6b3b
blob + 3b047e438a7e4fff23c4e9f6c1ada623765a80dc
--- include/got_error.h
+++ include/got_error.h
@@ -184,6 +184,7 @@
 #define GOT_ERR_COMMIT_BAD_AUTHOR 166
 #define GOT_ERR_UID		167
 #define GOT_ERR_GID		168
+#define GOT_ERR_NO_PROG		169
 
 struct got_error {
         int code;
blob - 0594e146d2cc9880efb2656076d68077f87407cb
blob + 9722f2b79685f6dcd81c590ca357729edac35a25
--- lib/error.c
+++ lib/error.c
@@ -233,6 +233,7 @@ static const struct got_error got_errors[] = {
 	    "make Git unhappy" },
 	{ GOT_ERR_UID, "bad user ID" },
 	{ GOT_ERR_GID, "bad group ID" },
+	{ GOT_ERR_NO_PROG, "command not found or not accessible" },
 };
 
 static struct got_custom_error {
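Review bot: The message added to `got_errors[]`, "command not found or not accessible", covers two different conditions, but the caller in gitwrapper.c only has a single `myserver == NULL` test to go on and formats it as "cannot run '%s'". If the code that sets `myserver` can tell a missing program from a permission problem, keeping that detail (for example by reporting the underlying errno) would give an administrator a more useful diagnostic than the combined text. If it cannot, a short comment at the `myserver == NULL` check saying which lookup produced the NULL would be enough.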